1#!/bin/sh
2#
3# Copyright (C) 2010, 2011, 2014  Internet Systems Consortium, Inc. ("ISC")
4#
5# Permission to use, copy, modify, and/or distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15# PERFORMANCE OF THIS SOFTWARE.
16
17# tests for TSIG-GSS updates
18
19SYSTEMTESTTOP=..
20. $SYSTEMTESTTOP/conf.sh
21
22status=0
23
24DIGOPTS="@10.53.0.1 -p 5300"
25
26# we don't want a KRB5_CONFIG setting breaking the tests
27KRB5_CONFIG=/dev/null
28export KRB5_CONFIG
29
30test_update() {
31    host="$1"
32    type="$2"
33    cmd="$3"
34    digout="$4"
35
36    cat <<EOF > ns1/update.txt
37server 10.53.0.1 5300
38update add $host $cmd
39send
40EOF
41    echo "I:testing update for $host $type $cmd"
42    $NSUPDATE -g -d ns1/update.txt > nsupdate.out 2>&1 || {
43	echo "I:update failed for $host $type $cmd"
44	sed "s/^/I:/" nsupdate.out
45	return 1
46    }
47
48    out=`$DIG $DIGOPTS -t $type -q $host | egrep "^${host}"`
49    lines=`echo "$out" | grep "$digout" | wc -l`
50    [ $lines -eq 1 ] || {
51	echo "I:dig output incorrect for $host $type $cmd: $out"
52	return 1
53    }
54    return 0
55}
56
57echo "I:testing updates as administrator"
58KRB5CCNAME="FILE:"`pwd`/ns1/administrator.ccache
59export KRB5CCNAME
60
61test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || status=1
62test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || status=1
63test_update denied.example.nil. TXT "86400 TXT helloworld" "helloworld" > /dev/null && status=1
64
65echo "I:testing updates as a user"
66KRB5CCNAME="FILE:"`pwd`/ns1/testdenied.ccache
67export KRB5CCNAME
68
69test_update testdenied.example.nil. A "86400 A 10.53.0.12" "10.53.0.12" > /dev/null && status=1
70test_update testdenied.example.nil. TXT "86400 TXT helloworld" "helloworld" || status=1
71
72echo "I:testing external update policy"
73test_update testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" > /dev/null && status=1
74$PERL ./authsock.pl --type=CNAME --path=ns1/auth.sock --pidfile=authsock.pid --timeout=120 > /dev/null 2>&1 &
75sleep 1
76test_update testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" || status=1
77test_update testcname.example.nil. TXT "86400 A 10.53.0.13" "10.53.0.13" > /dev/null && status=1
78
79echo "I:testing external policy with SIG(0) key"
80ret=0
81$NSUPDATE -R $RANDFILE -k ns1/Kkey.example.nil.*.private <<END > /dev/null 2>&1 || ret=1
82server 10.53.0.1 5300
83zone example.nil
84update add fred.example.nil 120 cname foo.bar.
85send
86END
87output=`$DIG $DIGOPTS +short cname fred.example.nil.`
88[ -n "$output" ] || ret=1
89[ $ret -eq 0 ] || echo "I:failed"
90status=`expr $status + $ret`
91
92[ $status -eq 0 ] && echo "I:tsiggss tests all OK"
93
94kill `cat authsock.pid`
95exit $status
96